Abstract
Our ongoing, descriptive study explores the intricacies of Offensive Cyber Operations (OCOs), particularly in the context of the Russian-Ukrainian conflict that began in 2022. This conflict has underscored an escalation in Russian cyber capabilities. Despite OCOs playing a role, academic research indicates a relatively limited ‘spillover effect’. Our study aims to investigate this limited spillover, focusing on the lack of collaboration among Advanced Persistent Threat (APT) groups associated with Russian intelligence agencies: GRU, SVR, and FSB. By analysing the operational and technical integration among these agencies, we seek to identify factors influencing cooperation. Preliminary findings suggest that internal competition and historical disparities may have hindered effective coordination in cyber operations. We posit that this lack of coordination could potentially reduce cyberattack effectiveness and increase detection likelihood. Importantly, we recognise that behavioural aspects, such as the principal-agent problem, may contribute to the barriers preventing collaboration and coordination. These behavioural factors, alongside institutional rivalries, likely play a significant role in shaping the competitive dynamics among Russian intelligence agencies. As our research progresses, we aim to explore the implications of this internal rivalry on the development of technical infrastructure for Russia-affiliated APT groups. We anticipate that our findings will illuminate the reasons behind the apparent reduced effectiveness of cyberattacks in this scenario. This exploration of competitive dynamics, historical nuances, and behavioural factors within Russian intelligence agencies is crucial for a comprehensive understanding of the broader cyber operations landscape. We present this paper as a work in progress, aiming to contribute to the ongoing discourse in this field.
Publisher
NASK National Research Institute